As mobile phones increasingly fulfil roles traditionally occupied by other electronic devices, the amount of sensitive data being stored on them has increased accordingly. A potential data security risk is exacerbated by the very mobility causing the exponential development and prevalence of mobile or smart phones. The chances of a smart phone being lost or stolen are fairly high, creating a need for increased security for these devices.
One method which can be used to increase security is so-called “security through obscurity”, or in other words, hiding something in plain sight. The discipline of steganography is often used to implement such hiding. For personal computers, the prior art contains a number of teachings to this effect. Two notable disclosures are found in “The Steganographic File System”, a paper by Anderson, Needham and Shamir (at the 2nd International Workshop on Information Hiding, IH'98, Portland, Oreg., USA, Apr. 15-17 1998, Proc. LNCS 1525, Springer-Verlag, ISBN 3-540-653864, pp. 73-82), and in U.S. Pat. No. 7,584,198 by Slade. Both these disclosures deal with the use of blocks of random data, and using a file system where data to be secured is stored within these blocks in a manner which is not easily detectable. Slade also teaches that a passphrase, used to protect access to the data, may be used for encryption and decryption. However, implementations of steganography as taught by Anderson et al and Slade are presently not used by state of the art smart phones to securely store data, possibly due to their inherent waste of data storage space and their complexity.
Applications, or apps, for the smart phones that allow users to store a picture within another picture, or text within an audio file, making use of steganographic techniques and data redundancy, are available in the prior art. For example, reducing the colour resolution of a picture while keeping the file size constant frees up a section of data space which can be used to hide data in. If the reduction in colour resolution is not easily noticeable, the picture will ostensibly be just a picture, with only the user of the app knowing that some other data is stored securely within it. Another common technique is to reduce the sound quality of an audio file slightly and to utilize the freed-up data space as a secure store. However, such apps are limited by the amount of data that can be practically stored, and are cumbersome to use on a regular basis to store sensitive information.
The prior art also contains a number of smart phone apps with secure data stores, but which are presented as another app at first glance. For example, an app named “Hide It Pro” exists which hides a secure data storage area behind a fully functional audio player. Another, “Video Locker”, hides its data storage behind a fully functional calculator. With these applications, a user typically has to perform the one or other specific input action to obtain an interface where a Personal Identification Number (PIN) or password (aka passphrase) is used to enter the secure data storage area. There are also a large number of prior art smart phone apps which offer secure data storage behind a PIN or password, without hiding the application. A number of these have a decoy password facility, where entering the decoy password results in the user being presented with a fake secure data storage area. This is useful if a smart phone owner is coerced or forced to enter his or her password, with the aim to illegally obtain securely stored sensitive information.
However the aforementioned prior art apps suffer from some disadvantages. Firstly, if not hidden, the mere existence of the apps provide unauthorised users such as hackers or criminals with motivation to search more thoroughly for hidden, sensitive information. But even if they are hidden, due to the limited number of these apps available, it is foreseeable that unauthorised users may be able to easily identify them. Secondly, having the whole secure data storage area behind one PIN or password, or even a number of sequential passwords, creates an unnecessary security risk. Once the password, or passwords, is obtained, by whatever means, the security of all the data/files stored in the secure data storage area is compromised. Thirdly, users typically have to open or use the specific secure data storage application to store sensitive data. This may prove cumbersome. For instance when a user is viewing a .pdf document received via email, and decides to store it securely, he or she first has to open said secure data storage app to do this. Fourthly, a large number of the prior art secure data storage apps offer the possibility for abuse, where data may be stored without consent which may be required or advisable. For example, prior art secure data storage apps may be used by under aged users to hide data without parental consent. Or employees may use their smart phones to hide sensitive data from employers, without consent, possibly for criminal purposes.
The present invention discloses methods to address these disadvantages.